Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/c515c9-df08-426c-80e6-0367268ff871/1/37Hdxw55UaSlkCH4hw_jq3D_ask.roa
File: 37Hdxw55UaSlkCH4hw_jq3D_ask.roa (raw, json)
Hash identifier: 8CxvzsNYAEUNTxN6aYWO+TDoMC6NCZj90vE4nzLPjJk=
Subject key identifier: DF:B1:DD:C7:0E:79:51:A4:A5:90:21:F8:87:0F:E3:AB:70:FF:6A:C9
Certificate issuer: /CN=081b7a22e51cfb9cf84205e4449998ad55d8f065
Certificate serial: 018F318BAE4FF0AE966E7EADC531130AE013
Authority key identifier: 08:1B:7A:22:E5:1C:FB:9C:F8:42:05:E4:44:99:98:AD:55:D8:F0:65
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CBt6IuUc-5z4QgXkRJmYrVXY8GU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dc/c515c9-df08-426c-80e6-0367268ff871/1/37Hdxw55UaSlkCH4hw_jq3D_ask.roa
Signing time: Wed 01 May 2024 00:26:28 +0000
ROA not before: Wed 01 May 2024 00:26:28 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 206065
IP address blocks: 37.32.36.0/22 maxlen: 24
45.140.228.0/22 maxlen: 22
45.156.180.0/22 maxlen: 22
45.156.192.0/22 maxlen: 22
45.156.194.0/23 maxlen: 24
45.156.200.0/22 maxlen: 22
85.198.48.0/20 maxlen: 20
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8f:31:8b:ae:4f:f0:ae:96:6e:7e:ad:c5:31:13:0a:e0:13
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=081b7a22e51cfb9cf84205e4449998ad55d8f065
Validity
Not Before: May 1 00:26:28 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=dfb1ddc70e7951a4a59021f8870fe3ab70ff6ac9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:fb:75:fe:2e:56:c3:2c:c1:96:b5:ed:f6:60:
f9:5a:17:02:a0:e4:7b:d0:bf:94:7c:8e:9d:0a:96:
3b:1e:42:f8:a5:d6:04:3b:03:60:5b:e6:eb:6b:61:
10:9a:0f:13:bc:4c:1d:2c:88:f6:4e:07:6e:07:c7:
e6:4e:98:1d:d1:3f:c4:f2:0f:a0:81:40:8a:fb:f4:
b7:d8:49:07:b3:24:ba:44:9e:7b:67:7e:53:dd:bd:
82:ee:49:47:ff:ae:b7:e1:62:ba:f1:ee:78:0b:eb:
dd:c0:56:65:da:7a:d4:dc:43:13:10:b8:90:fb:9a:
5f:29:7f:13:26:18:28:8a:55:b0:f4:0d:76:9e:56:
3e:ca:3a:6c:97:82:5d:c9:ed:8f:b0:3e:21:48:c2:
0c:65:03:0b:bc:5a:b4:c8:43:d4:4f:b7:df:c3:5b:
cc:25:cc:dd:bf:24:37:41:8a:3f:27:e2:10:70:b6:
d5:9d:66:a0:f5:c2:8c:d8:27:d6:ac:3e:65:ee:e5:
00:10:fe:12:23:d8:11:a2:89:d9:48:6a:90:c7:45:
9d:08:c7:ca:f2:ce:2a:22:a4:fb:33:c6:fc:81:9e:
03:9e:50:c6:a7:f3:02:2a:1d:85:2d:e3:fe:3b:3b:
41:d7:b8:f1:29:35:37:03:c4:70:39:c6:64:be:c3:
01:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DF:B1:DD:C7:0E:79:51:A4:A5:90:21:F8:87:0F:E3:AB:70:FF:6A:C9
X509v3 Authority Key Identifier:
keyid:08:1B:7A:22:E5:1C:FB:9C:F8:42:05:E4:44:99:98:AD:55:D8:F0:65
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CBt6IuUc-5z4QgXkRJmYrVXY8GU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/c515c9-df08-426c-80e6-0367268ff871/1/37Hdxw55UaSlkCH4hw_jq3D_ask.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/c515c9-df08-426c-80e6-0367268ff871/1/CBt6IuUc-5z4QgXkRJmYrVXY8GU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.32.36.0/22
45.140.228.0/22
45.156.180.0/22
45.156.192.0/22
45.156.200.0/22
85.198.48.0/20
Signature Algorithm: sha256WithRSAEncryption
06:e4:f4:7e:e1:d8:32:9c:79:24:2d:0e:b6:65:80:79:44:56:
f3:57:e9:17:75:77:e4:39:6a:a6:3f:0e:6c:8a:fd:9d:e6:39:
53:40:b7:8c:3a:83:c4:73:2a:f2:71:ef:df:97:a5:a7:81:91:
0d:e2:ce:57:cd:ea:e9:12:39:fb:ae:54:28:09:a0:2b:83:59:
72:5a:4a:61:69:8e:97:e5:7f:c3:6d:15:21:a1:11:f5:8c:8c:
6b:6e:f8:6a:cb:c8:c6:19:66:b7:67:2b:df:31:9c:c2:0b:0b:
d4:43:4c:75:99:73:3d:61:8d:b9:c1:ec:31:6c:cd:df:32:f5:
a6:bb:10:40:97:15:d4:46:0c:dd:c7:81:65:b3:3b:5a:d4:0d:
14:5d:9f:09:b4:70:af:2c:50:02:bd:35:f0:6b:37:d4:2c:ab:
8d:62:52:ce:14:bd:88:ff:d0:50:57:85:99:44:11:88:c8:5c:
22:0b:5d:f5:7d:11:8d:56:cd:79:40:63:3e:30:06:16:62:f6:
a6:21:f3:9e:3c:7b:43:d1:fb:c3:d1:ed:a2:20:a1:1b:88:2d:
39:04:89:8a:8c:23:cf:00:38:93:e2:d6:9b:fd:6b:e1:65:48:
39:e0:88:07:79:1f:27:9c:ba:e9:b6:bc:8a:d5:e0:c0:b8:61:
97:b8:6d:c2
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAY8xi65P8K6Wbn6txTETCuATMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MWI3YTIyZTUxY2ZiOWNmODQyMDVlNDQ0OTk5OGFkNTVk
OGYwNjUwHhcNMjQwNTAxMDAyNjI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZmIxZGRjNzBlNzk1MWE0YTU5MDIxZjg4NzBmZTNhYjcwZmY2YWM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApPt1/i5WwyzBlrXt9mD5WhcCoOR7
0L+UfI6dCpY7HkL4pdYEOwNgW+bra2EQmg8TvEwdLIj2TgduB8fmTpgd0T/E8g+g
gUCK+/S32EkHsyS6RJ57Z35T3b2C7klH/6634WK68e54C+vdwFZl2nrU3EMTELiQ
+5pfKX8TJhgoilWw9A12nlY+yjpsl4Jdye2PsD4hSMIMZQMLvFq0yEPUT7ffw1vM
JczdvyQ3QYo/J+IQcLbVnWag9cKM2CfWrD5l7uUAEP4SI9gRoonZSGqQx0WdCMfK
8s4qIqT7M8b8gZ4DnlDGp/MCKh2FLeP+OztB17jxKTU3A8RwOcZkvsMBLQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFN+x3ccOeVGkpZAh+IcP46tw/2rJMB8GA1UdIwQY
MBaAFAgbeiLlHPuc+EIF5ESZmK1V2PBlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0J0Nkl1VWMtNXo0UWdYa1JKbVlyVlhZOEdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy9jNTE1YzktZGYwOC00MjZjLTgwZTYt
MDM2NzI2OGZmODcxLzEvMzdIZHh3NTVVYVNsa0NINGh3X2pxM0RfYXNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy9jNTE1YzktZGYwOC00MjZjLTgwZTYtMDM2NzI2OGZmODcx
LzEvQ0J0Nkl1VWMtNXo0UWdYa1JKbVlyVlhZOEdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQCJSAkAwQC
LYzkAwQCLZy0AwQCLZzAAwQCLZzIAwQEVcYwMA0GCSqGSIb3DQEBCwUAA4IBAQAG
5PR+4dgynHkkLQ62ZYB5RFbzV+kXdXfkOWqmPw5siv2d5jlTQLeMOoPEcyryce/f
l6WngZEN4s5XzerpEjn7rlQoCaArg1lyWkphaY6X5X/DbRUhoRH1jIxrbvhqy8jG
GWa3ZyvfMZzCCwvUQ0x1mXM9YY25wewxbM3fMvWmuxBAlxXURgzdx4Flszta1A0U
XZ8JtHCvLFACvTXwazfULKuNYlLOFL2I/9BQV4WZRBGIyFwiC131fRGNVs15QGM+
MAYWYvamIfOePHtD0fvD0e2iIKEbiC05BImKjCPPADiT4tab/WvhZUg54IgHeR8n
nLrptryK1eDAuGGXuG3C
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:47:49 2024 by rpki-client on console-ams.rpki-client.org